Microsoft has recently launched a new feature called DNS over HTTPS (DoH) via their June 9, 2026 update. The company had this feature in testing for a while, and now it has finally been made available to the public. As a result, you can now deploy DoH on your on-premises DNS infrastructure without a third-party resolver.

This feature wraps DNS requests in an encrypted connection. Every time a computer connects to a website, it first needs to look up an address using a system called the Domain Name System (DNS). Historically, this lookup occurred without encryption, meaning the information could be seen by anyone monitoring the network traffic.
DoH is generally available on Windows DNS Server
But with DoH, DNS requests are now encrypted. This helps prevent eavesdropping and unauthorized inspection, and protects the data from tampering as it travels across the network. On top of that, security certificates allow a device to verify it’s really talking to the correct DNS server, which reduces the risk of impersonation attacks.
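To make the "wrapping" concrete, here is an added example (not Microsoft's code and not part of the original article) that builds a DNS query and encodes it as an RFC 8484 DoH GET request, rejects non-HTTPS endpoints, and sends it through a TLS context that verifies the server certificate. The endpoint `https://dns.corp.example/dns-query` and all function names are constructed placeholders.

```python
import base64
import ssl
import struct
import urllib.request
from urllib.parse import urlsplit

DOH_URL = "https://dns.corp.example/dns-query"  # constructed placeholder endpoint

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query. RFC 8484 suggests ID 0 so HTTP caches can match."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QTYPE (1=A), QCLASS IN

def doh_get_url(endpoint: str, query: bytes) -> str:
    """RFC 8484 GET form: ?dns=<base64url, no padding>. Refuse non-HTTPS URLs."""
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("DoH endpoint must be https://")
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def parse_header(message: bytes) -> dict:
    """Decode the 12-byte DNS header of a response body."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", message[:12])
    return {"id": ident, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": an}

def resolve(endpoint: str, name: str) -> dict:
    """Send the query over TLS; the default context checks chain and hostname."""
    context = ssl.create_default_context()
    request = urllib.request.Request(doh_get_url(endpoint, build_query(name)),
                                     headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(request, context=context, timeout=5) as reply:
        if reply.headers.get_content_type() != "application/dns-message":
            raise ValueError("unexpected content type")
        return parse_header(reply.read())

if __name__ == "__main__":
    print(doh_get_url(DOH_URL, build_query("www.example.com")))
```

Calling `resolve()` against a real endpoint fails with a certificate error if the server's certificate does not chain to a trusted root or does not match the hostname, which is the impersonation check described above.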
Another useful part of this update is that companies don’t need to throw out their existing system overnight. DoH runs as part of the regular Windows DNS Server software, so there is no need for a separate system.
However, to ensure you can actually run DoH, you need to meet certain requirements, such as running the latest update, having a valid digital security certificate configured for server authentication, and having admin rights.
Microsoft recommends businesses follow three basic steps to turn it on: setting up a trusted security certificate, switching to DoH in the DNS server settings, and then pointing compatible devices to the new secure connection.